cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 05 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cryptography.io
Cryptography.io cryptography |
|
CPEs | cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:* | |
Vendors & Products |
Cryptography Project
Cryptography Project cryptography |
Cryptography.io
Cryptography.io cryptography |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-02-07T20:54:03.628Z
Updated: 2024-08-02T10:42:27.102Z
Reserved: 2023-01-19T21:12:31.360Z
Link: CVE-2023-23931
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-02-07T21:15:09.850
Modified: 2024-11-21T07:47:07.570
Link: CVE-2023-23931
Redhat